1 /*
2 *
3 * Copyright 2018 gRPC authors.
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 */
18
19 #include <grpc/support/port_platform.h>
20
21 #include "src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h"
22
23 #include <stdlib.h>
24 #include <string.h>
25
26 #include <grpc/support/alloc.h>
27 #include <grpc/support/log.h>
28 #include <grpc/support/string_util.h>
29
30 /** -- gRPC TLS key materials config API implementation. -- **/
set_key_materials(const char * pem_root_certs,const grpc_ssl_pem_key_cert_pair ** pem_key_cert_pairs,size_t num_key_cert_pairs)31 void grpc_tls_key_materials_config::set_key_materials(
32 const char* pem_root_certs,
33 const grpc_ssl_pem_key_cert_pair** pem_key_cert_pairs,
34 size_t num_key_cert_pairs) {
35 this->set_pem_root_certs(pem_root_certs);
36 grpc_tls_key_materials_config::PemKeyCertPairList cert_pair_list;
37 for (size_t i = 0; i < num_key_cert_pairs; i++) {
38 auto current_pair = static_cast<grpc_ssl_pem_key_cert_pair*>(
39 gpr_zalloc(sizeof(grpc_ssl_pem_key_cert_pair)));
40 current_pair->cert_chain = gpr_strdup(pem_key_cert_pairs[i]->cert_chain);
41 current_pair->private_key = gpr_strdup(pem_key_cert_pairs[i]->private_key);
42 cert_pair_list.emplace_back(grpc_core::PemKeyCertPair(current_pair));
43 }
44 pem_key_cert_pair_list_ = std::move(cert_pair_list);
45 }
46
set_key_materials(const char * pem_root_certs,const PemKeyCertPairList & pem_key_cert_pair_list)47 void grpc_tls_key_materials_config::set_key_materials(
48 const char* pem_root_certs,
49 const PemKeyCertPairList& pem_key_cert_pair_list) {
50 this->set_pem_root_certs(pem_root_certs);
51 grpc_tls_key_materials_config::PemKeyCertPairList dup_list(
52 pem_key_cert_pair_list);
53 pem_key_cert_pair_list_ = std::move(dup_list);
54 }
55
56 /** -- gRPC TLS credential reload config API implementation. -- **/
grpc_tls_credential_reload_config(const void * config_user_data,int (* schedule)(void * config_user_data,grpc_tls_credential_reload_arg * arg),void (* cancel)(void * config_user_data,grpc_tls_credential_reload_arg * arg),void (* destruct)(void * config_user_data))57 grpc_tls_credential_reload_config::grpc_tls_credential_reload_config(
58 const void* config_user_data,
59 int (*schedule)(void* config_user_data,
60 grpc_tls_credential_reload_arg* arg),
61 void (*cancel)(void* config_user_data, grpc_tls_credential_reload_arg* arg),
62 void (*destruct)(void* config_user_data))
63 : config_user_data_(const_cast<void*>(config_user_data)),
64 schedule_(schedule),
65 cancel_(cancel),
66 destruct_(destruct) {}
67
~grpc_tls_credential_reload_config()68 grpc_tls_credential_reload_config::~grpc_tls_credential_reload_config() {
69 if (destruct_ != nullptr) {
70 destruct_((void*)config_user_data_);
71 }
72 }
73
74 /** -- gRPC TLS server authorization check API implementation. -- **/
75 grpc_tls_server_authorization_check_config::
grpc_tls_server_authorization_check_config(const void * config_user_data,int (* schedule)(void * config_user_data,grpc_tls_server_authorization_check_arg * arg),void (* cancel)(void * config_user_data,grpc_tls_server_authorization_check_arg * arg),void (* destruct)(void * config_user_data))76 grpc_tls_server_authorization_check_config(
77 const void* config_user_data,
78 int (*schedule)(void* config_user_data,
79 grpc_tls_server_authorization_check_arg* arg),
80 void (*cancel)(void* config_user_data,
81 grpc_tls_server_authorization_check_arg* arg),
82 void (*destruct)(void* config_user_data))
83 : config_user_data_(const_cast<void*>(config_user_data)),
84 schedule_(schedule),
85 cancel_(cancel),
86 destruct_(destruct) {}
87
88 grpc_tls_server_authorization_check_config::
~grpc_tls_server_authorization_check_config()89 ~grpc_tls_server_authorization_check_config() {
90 if (destruct_ != nullptr) {
91 destruct_((void*)config_user_data_);
92 }
93 }
94
95 /** -- Wrapper APIs declared in grpc_security.h -- **/
grpc_tls_credentials_options_create()96 grpc_tls_credentials_options* grpc_tls_credentials_options_create() {
97 return new grpc_tls_credentials_options();
98 }
99
grpc_tls_credentials_options_set_cert_request_type(grpc_tls_credentials_options * options,grpc_ssl_client_certificate_request_type type)100 int grpc_tls_credentials_options_set_cert_request_type(
101 grpc_tls_credentials_options* options,
102 grpc_ssl_client_certificate_request_type type) {
103 if (options == nullptr) {
104 gpr_log(GPR_ERROR,
105 "Invalid nullptr arguments to "
106 "grpc_tls_credentials_options_set_cert_request_type()");
107 return 0;
108 }
109 options->set_cert_request_type(type);
110 return 1;
111 }
112
grpc_tls_credentials_options_set_server_verification_option(grpc_tls_credentials_options * options,grpc_tls_server_verification_option server_verification_option)113 int grpc_tls_credentials_options_set_server_verification_option(
114 grpc_tls_credentials_options* options,
115 grpc_tls_server_verification_option server_verification_option) {
116 if (options == nullptr) {
117 gpr_log(GPR_ERROR,
118 "Invalid nullptr arguments to "
119 "grpc_tls_credentials_options_set_server_verification_option()");
120 return 0;
121 }
122 if (server_verification_option != GRPC_TLS_SERVER_VERIFICATION &&
123 options->server_authorization_check_config() == nullptr) {
124 gpr_log(GPR_ERROR,
125 "server_authorization_check_config needs to be specified when"
126 "server_verification_option is not GRPC_TLS_SERVER_VERIFICATION");
127 return 0;
128 }
129 options->set_server_verification_option(server_verification_option);
130 return 1;
131 }
132
grpc_tls_credentials_options_set_key_materials_config(grpc_tls_credentials_options * options,grpc_tls_key_materials_config * config)133 int grpc_tls_credentials_options_set_key_materials_config(
134 grpc_tls_credentials_options* options,
135 grpc_tls_key_materials_config* config) {
136 if (options == nullptr || config == nullptr) {
137 gpr_log(GPR_ERROR,
138 "Invalid nullptr arguments to "
139 "grpc_tls_credentials_options_set_key_materials_config()");
140 return 0;
141 }
142 options->set_key_materials_config(config->Ref());
143 return 1;
144 }
145
grpc_tls_credentials_options_set_credential_reload_config(grpc_tls_credentials_options * options,grpc_tls_credential_reload_config * config)146 int grpc_tls_credentials_options_set_credential_reload_config(
147 grpc_tls_credentials_options* options,
148 grpc_tls_credential_reload_config* config) {
149 if (options == nullptr || config == nullptr) {
150 gpr_log(GPR_ERROR,
151 "Invalid nullptr arguments to "
152 "grpc_tls_credentials_options_set_credential_reload_config()");
153 return 0;
154 }
155 options->set_credential_reload_config(config->Ref());
156 return 1;
157 }
158
grpc_tls_credentials_options_set_server_authorization_check_config(grpc_tls_credentials_options * options,grpc_tls_server_authorization_check_config * config)159 int grpc_tls_credentials_options_set_server_authorization_check_config(
160 grpc_tls_credentials_options* options,
161 grpc_tls_server_authorization_check_config* config) {
162 if (options == nullptr || config == nullptr) {
163 gpr_log(
164 GPR_ERROR,
165 "Invalid nullptr arguments to "
166 "grpc_tls_credentials_options_set_server_authorization_check_config()");
167 return 0;
168 }
169 options->set_server_authorization_check_config(config->Ref());
170 return 1;
171 }
172
grpc_tls_key_materials_config_create()173 grpc_tls_key_materials_config* grpc_tls_key_materials_config_create() {
174 return new grpc_tls_key_materials_config();
175 }
176
grpc_tls_key_materials_config_set_key_materials(grpc_tls_key_materials_config * config,const char * root_certs,const grpc_ssl_pem_key_cert_pair ** key_cert_pairs,size_t num)177 int grpc_tls_key_materials_config_set_key_materials(
178 grpc_tls_key_materials_config* config, const char* root_certs,
179 const grpc_ssl_pem_key_cert_pair** key_cert_pairs, size_t num) {
180 if (config == nullptr || key_cert_pairs == nullptr || num == 0) {
181 gpr_log(GPR_ERROR,
182 "Invalid arguments to "
183 "grpc_tls_key_materials_config_set_key_materials()");
184 return 0;
185 }
186 config->set_key_materials(root_certs, key_cert_pairs, num);
187 return 1;
188 }
189
grpc_tls_key_materials_config_set_version(grpc_tls_key_materials_config * config,int version)190 int grpc_tls_key_materials_config_set_version(
191 grpc_tls_key_materials_config* config, int version) {
192 if (config == nullptr) {
193 gpr_log(GPR_ERROR,
194 "Invalid arguments to "
195 "grpc_tls_key_materials_config_set_version()");
196 return 0;
197 }
198 config->set_version(version);
199 return 1;
200 }
201
grpc_tls_key_materials_config_get_version(grpc_tls_key_materials_config * config)202 int grpc_tls_key_materials_config_get_version(
203 grpc_tls_key_materials_config* config) {
204 if (config == nullptr) {
205 gpr_log(GPR_ERROR,
206 "Invalid arguments to "
207 "grpc_tls_key_materials_config_get_version()");
208 return -1;
209 }
210 return config->version();
211 }
212
grpc_tls_credential_reload_config_create(const void * config_user_data,int (* schedule)(void * config_user_data,grpc_tls_credential_reload_arg * arg),void (* cancel)(void * config_user_data,grpc_tls_credential_reload_arg * arg),void (* destruct)(void * config_user_data))213 grpc_tls_credential_reload_config* grpc_tls_credential_reload_config_create(
214 const void* config_user_data,
215 int (*schedule)(void* config_user_data,
216 grpc_tls_credential_reload_arg* arg),
217 void (*cancel)(void* config_user_data, grpc_tls_credential_reload_arg* arg),
218 void (*destruct)(void* config_user_data)) {
219 if (schedule == nullptr) {
220 gpr_log(
221 GPR_ERROR,
222 "Schedule API is nullptr in creating TLS credential reload config.");
223 return nullptr;
224 }
225 return new grpc_tls_credential_reload_config(config_user_data, schedule,
226 cancel, destruct);
227 }
228
229 grpc_tls_server_authorization_check_config*
grpc_tls_server_authorization_check_config_create(const void * config_user_data,int (* schedule)(void * config_user_data,grpc_tls_server_authorization_check_arg * arg),void (* cancel)(void * config_user_data,grpc_tls_server_authorization_check_arg * arg),void (* destruct)(void * config_user_data))230 grpc_tls_server_authorization_check_config_create(
231 const void* config_user_data,
232 int (*schedule)(void* config_user_data,
233 grpc_tls_server_authorization_check_arg* arg),
234 void (*cancel)(void* config_user_data,
235 grpc_tls_server_authorization_check_arg* arg),
236 void (*destruct)(void* config_user_data)) {
237 if (schedule == nullptr) {
238 gpr_log(GPR_ERROR,
239 "Schedule API is nullptr in creating TLS server authorization "
240 "check config.");
241 return nullptr;
242 }
243 return new grpc_tls_server_authorization_check_config(
244 config_user_data, schedule, cancel, destruct);
245 }
246